NETWORK THREAT DETECTION

Frost & Sullivan Awarded Securethings.ai the 2020 Technology Innovation Leadership Award Securethings

Frost & Sullivan | January 24, 2022

Frost & Sullivan Awarded
Frost & Sullivan has awarded SecureThings.ai the 2020 Technology Innovation Leadership Award based on their recent analysis of the Indian automotive cybersecurity solutions market. By providing continuous vehicle monitoring to detect unknown behaviors and threats, the company takes a holistic approach to solve cybersecurity risks in connected vehicles. SecureThings sets itself apart from the competition with its comprehensive, multi-layer, in-depth defense cybersecurity solutions for electric vehicle manufacturers, fleet owners, OEMs, Tier I suppliers, telematics device vendors, and mobility service providers.

SecureThings provides end-to-end vehicle security solutions based on a five-pronged approach: detection, reaction, recovery, identity, and protection. Using patented machine learning-based solutions, we are the leading source of in-vehicle cyber security for OEMs, Tier 1 Suppliers, and Subsystem Manufacturers. OEMs shared services operators and fleet managers can use the company's threat intelligence and cloud security technology to get complete control, extensive monitoring, and effective resolution procedures. The SecureThings Cloud platform provides active defense by integrating external vulnerability searches and new attack chains with the correlation engine of the automobile security operations center. Furthermore, the platform gives precise information and insights into fleets' potentially vulnerable cars, allowing for proactive risk mitigation measures. As a result, OEMs can use safe over-the-air upgrades to detect and fix major and dangerous cybersecurity flaws.

"SecureThings offers detailed and customized protection solutions for real-time in-vehicle, network, and in-vehicle network use cases,"Real-time in-vehicle protection provides three security layers to protect a vehicle from various attacks. The first layer secures physical and remote interfaces from any unwanted code entering the automobile's systems. The second layer delivers protection from memory-based attacks, such as memory corruption and buffer overflow attacks. The final layer protects the entire vehicle network by leveraging machine learning software, ensuring security by identifying threats through real-time intelligence."

Kaushik Madhavan, Vice President - Mobility at Frost & Sullivan

SecureThings has carved out a niche in the industry by offering specialized services like cybersecurity assessment, penetration testing, and ethical hacking to OEMs, Tier 1 suppliers, and mobile service providers. To assure zero exposure, the company's research and advisory staff hunts for and analyses risky autos and devices. In addition, SecureThings' research lab brings together a strong group of industry professionals in enterprise cybersecurity, in-vehicle security, machine learning, and Big Data analytics to offer best practices for implementing robotic cybersecurity solutions to mitigate risks.

"SecureThings' protection solution design incorporates deterministic, and machine learning approaches that help customers achieve significant improvements in their cyber defense ratings," noted Madhavan. "Leveraging its industry-leading technologies; advanced research labs; and a cost-effective, customized solution, SecureThings aims to incorporate innovative products and services in its portfolio in the coming years."
This award is given by Frost & Sullivan every year to the company that has developed a product with novel features and functionality that is quickly gaining market adoption. The award honors the solution's excellence and the client value additions it enables.

Companies in several regional and global markets are honored with Frost & Sullivan Best Practices Awards for exhibiting remarkable achievement and superior performance in leadership, technological innovation, customer service, and strategic product creation. Industry analysts use in-depth interviews, analysis, and extensive secondary research to compare market participants and analyze performance to find the best practices in the industry.

Spotlight

Browsing the Internet and staying connected with our mobile devices has become almost second nature to many of us. As we store some of our most valuable and private information on our phones, it’s more important than ever before to keep our devices secure and protected. Luckily, you don’t need to be an expert to stay safe in our connected world. Check out the quiz below to see if you have the basics covered.


Other News
ENTERPRISE SECURITY

DTEX Systems Named to the Enterprise Security Tech Cyber Top 20 List

DTEX Systems | June 18, 2022

DTEX Systems, the Workforce Cyber Intelligence & Security Company™, today announced that it has been named to the Enterprise Security Tech Cyber Top 20 List. The list recognizes the top cybersecurity companies providing the most value to market based on technical product/service innovation, industry analyst recognition, customer testimony, diversity and inclusion initiatives, talent development initiatives, and contributions to the cyber community. “The future of data loss prevention and protection is human-centric, not data-centric. “We’re thrilled to be named to this inaugural list of top cybersecurity companies by Enterprise Security Tech, as it is further testament to the success of DTEX’s innovative, human-centric approach to enterprise security and our team’s continued efforts to expand beyond the capabilities of legacy cybersecurity solutions.” Jonathan Daly, Chief Marketing Officer at DTEX Systems As the first and only Workforce Cyber Intelligence and Security platform to put humans at the center of an organization's cybersecurity matrix, DTEX InTERCEPT offers an innovative approach to data collection and analysis that centers around human activity and intent, providing organizations with the context needed to escalate and remediate an event before malicious insiders attack, or data exfiltration occurs. The InTERCEPT platform brings together the capabilities of Insider Threat Management, User and Entity Behavior Analytics, Digital Forensics, and Behavioral DLP in an all-in-one lightweight, cloud-native platform. Only DTEX InTERCEPT delivers the behavioral context and activity intelligence that answers the Who, What, When, Where, Why and How related to any potential insider threat situation, compromised account event or data loss scenario without invading personal privacy. “The cybersecurity industry is going through an evolution right now,” said Jack Campbell, Editor, Enterprise Security Tech. “The threat landscape is growing at a faster pace than organizations can keep up with - so companies need innovative tools and services that leverage automation and simplification to combat threats at scale. We’re honored to be able to recognize these leaders for the value that they are bringing to the market and their contributions to the fight against cyber threats.” This accolade comes on the heels of two notable industry recognitions from Cyber Defense Magazine (CDM), which named DTEX ‘Most Innovative Data Loss Prevention’ and ‘Publisher's Choice Insider Threat Prevention’ in the 10th annual Global InfoSec Awards. About DTEX Systems DTEX Systems helps hundreds of organizations worldwide better understand their workforce, protect their data, and make human-centric operational investments. Its Workforce Cyber Intelligence & Security platform brings together next-generation DLP, UEBA, digital forensics, user activity monitoring and insider threat management in one scalable, cloud-native platform. Through its patented and privacy-compliant meta-data collection and analytics engine, the DTEX platform surfaces abnormal behavioral “indicators of intent” to mitigate risk of data and IP loss, enabling SOC enrichment with human sensors and empowering enterprises to make smarter business decisions quickly. About Enterprise Security Tech Enterprise Security Tech is a specialized cyber media company with a global presence. The Enterprise Security Tech blog is a cybersecurity blog written for CISOs, CIOs, and security-minded CEOs that brings together critical news, expert insights, and product information to help security leaders make informed business decisions. Enterprise Security Tech is also home to The Cyber Jack Podcast, which brings listeners the latest cybersecurity insights via security experts from around the industry.

Read More

PLATFORM SECURITY

SentinelOne and Okta Integration Accelerates Incident Response with XDR and Identity Security

SentinelOne | May 31, 2022

SentinelOne, an autonomous cybersecurity platform company, today announced SentinelOne XDR Response for Okta, enabling security teams to quickly respond to credential compromise and identity-based attacks. The integration of SentinelOne’s XDR platform with Okta’s identity management capabilities offers a powerful new solution to accelerate response and minimize enterprise risk. “Attackers exploit endpoint and identity security and access gaps. SentinelOne and Okta are leaders in securing both of these enterprise domains. “Incorporating SentinelOne Singularity XDR into the Okta identity platform improves the contextual awareness of our solution, ensuring that every identity is verified and malicious actors cannot advance laterally in pursuit of high-value targets. With SentinelOne across enterprise attack surfaces and Okta enforcing identity policies, organizations enjoy the best of both worlds in a single solution.” Stephen Lee, VP Technical Strategy & Partnerships, Okta According to the 2022 Verizon Data Breach Investigations Report, 82% of breaches involved the human element including the use of stolen credentials. While there are existing solutions that secure various pieces of the enterprise they are often siloed, causing gaps in visibility and making it difficult to achieve a holistic understanding of an organization’s security posture. “Groupon is on a constant journey of modernization, adopting new and cutting-edge cloud technologies like SentinelOne Singularity XDR and Okta to best protect our employees and customers,” said Ryan Ogden, Director of Information Security, Groupon. “Consolidating context from various tools and automating response force multiplies our team to address the growing scale and speed of threats.” SentinelOne’s StorylineTM observes all concurrent processes across OSs and cloud workloads, providing rich context for any potential endpoint security incident. When a threat is detected, Singularity XDR informs Okta of the last logged-in user for that endpoint and Okta provides identity context from Okta data. By combining XDR and identity context, the joint solution helps security analysts quickly determine who is doing what on which device, significantly reducing the risk of endpoint or identity-based attacks. SentinelOne XDR Response for Okta provides a fully automated remediation process, alleviating the burden on the SOC team and allowing analysts to focus on higher-value tasks. Other key use cases include: Threat Enrichment - automatically enriches threats within Singularity XDR with recent login information via Okta to make security data actionable. User Suspension - terminates active sessions originating from compromised devices to minimize response time for prevention and remediation. Reset Password - forces password resets, preventing SSO-enabled lateral movement across corporate applications. Force Reauthentication - initiates a multi-factor authentication (MFA) workflow within Okta, locking the account until the user re-authenticates with a valid MFA token for identity verification. “Compromising identities and moving laterally to exploit an organization’s ‘crown jewels’ is the blueprint of modern attacks,” said Yonni Shelmerdine, Vice President of Product Management, SentinelOne. “Organizations need robust endpoint protection and visibility into user sessions to respond effectively to malicious activity. With SentinelOne and Okta, enterprises gain enterprise-grade context for effective security operations.” About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

PLATFORM SECURITY

TAC Security Launches the ESOF Vulnerability Prediction Feature

TAC Security | June 13, 2022

TAC Security, a Silicon Valley-based Cybersecurity company, announced the launch of their ESOF Prediction Feature. The Prediction feature allows the organizations to forecast the quantity of new vulnerabilities in an asset for the coming month. The results will be based on the vulnerability specifics from anyone’s most recent scan results for each Asset type. The feature anticipates the ESOF cyber scores of various Asset types present in one’s infrastructure and based on the number, the predicted vulnerabilities are generated. The count of predicted vulnerabilities gets further divided based on severity levels for e.g., Critical, High, Medium and Low. ESOF predicts the number of vulnerabilities in the coming months and generates a cyber score based on that for the coming months. The platform will predict the following - Monthly Prediction of Vulnerabilities. Prediction of ESOF Cyber Score Prediction of Vulnerabilities that can be patched Prediction of Type of Vulnerability(s) ESOF also allows the count of predicted vulnerabilities to be compared to the number of actual vulnerabilities. The representational graphs will contain both the actual count and predictive count of the vulnerabilities for the coming months. “The prediction feature allows security teams to foresee threats and prepare for them. If the security team needs training or resources, knowing in advance allows them to invest time and resources to improve their security processes. ESOF plays an essential role in allowing teams to discover, prioritize and remediate before situation demands, rather than mass efforts like other tools,” said, Trishneet Arora, Founder and Chief Executive Officer, TAC Security. “We are thrilled to take the next step to ensure ESOF becomes Cybersecurity's Future. The Prediction feature is a revolutionary contribution by TAC Security to the ever-evolving Risk and Vulnerability Management market. The ability to foresee threats allows not only the security teams and leaders to be prepared. And gives them the chance to communicate with the whole organization, including the Board Members, so they know what to expect. It allows the organization to be well prepared and plan their resources to strengthen their security processes and reduce the chances of a breach remarkably.” Chris Fisher – CMO, TAC Security This announcement closely follows TAC Security’s recent launch of another new product, ESOF Product CyberScore. The product provides ability to generate risk scores for each product installed in the system. In addition to an individual product risk score for the product on a single asset, there is also a group score that will be based upon all the assets that have the product installed. With the overall product score, they can easily identify the most vulnerable products present in all the assets and prioritize the top 10 most vulnerable products present in the organization. The prediction model is a major stepping stone in TAC Security’s mission of ensuring a cyberscore becomes the next credit score system for organizations to be considered compliant. The ability to forecast upcoming vulnerabilities gives organizations an edge over the adversaries and continues to strengthen the risk posture of their overall IT infrastructure. About TAC Security TAC Security, headquartered in San Francisco, is a global leader in Vulnerability Management that protects Fortune 500 companies, leading enterprises, and governments around the world. TAC Security manages 5+ Million vulnerabilities through its Artificial Intelligence (AI) based Vulnerability Management Platform ESOF (Enterprise Security in One Framework). TAC Security has established strategic partnerships with leading cloud providers and managed service providers and consulting organizations including Tech Mahindra, IBM, KDDI Japan, and distributors including Dataguard Technologies LLC and Ingram Micro.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

Spotlight

Browsing the Internet and staying connected with our mobile devices has become almost second nature to many of us. As we store some of our most valuable and private information on our phones, it’s more important than ever before to keep our devices secure and protected. Luckily, you don’t need to be an expert to stay safe in our connected world. Check out the quiz below to see if you have the basics covered.

Resources